Computer systems are continuing to grow in popularity and are frequently interconnected with other computer systems via networks, such as local area networks (LANs) and the Internet. Features such as electronic mail (email), instant messaging, and online entertainment encourage the use of computer systems coupled to networks. These features allow users to, for example, communicate with other users, retrieve audio and/or video content, and purchase products or services via online sources.
This increased interconnection of computer systems increases the likelihood of attacks against the computer systems by malicious users. These attacks may include installing a malicious program onto other users' computers (e.g., intended to disable the other users' computers, to obtain information from the other users' computers, launch attacks against other computers, and the like). Attacks may also include attempting to disable a computer such that its performance is greatly impaired (e.g., by generating a continuous stream of requests sent to the computer). These attacks can be a nuisance to the computer user and may result in lost data, corrupted data, confidential data being copied from the computer, or rendering the computer inoperable.
To prevent or minimize the severity of such attacks, various security programs and services have been developed. These programs and services execute on the computer system and protect the computer system from malicious attacks. Example programs include antivirus programs and firewall programs. Typically, these programs or services are directed toward preventing a particular type of attack. For example, an antivirus program protects against the loading and/or execution of computer viruses, and a firewall program protects against unauthorized access to the computer by an outside user.
These different programs do not typically communicate with one another. For example, an antivirus program does not typically communicate the fact that a virus was detected to the firewall program. Thus, the various security programs in a computer system may not learn of certain attacks on the computer system. It would be desirable to provide an interface that permits the communication of security policies and event information among various components and security programs in a computer system.